Overview

Identity.getPrincipal

Implementation of

transformRequest()

transformRequest(request): Promise<unknown>

Defined in: packages/core/src/identity/identity/attributes.ts:75

Transform a request into a signed version of the request. This is done last after the transforms on the body of a request. The returned object can be anything, but must be serializable to CBOR.

Parameters

request

Identity.transformRequest

Returns

Promise<unknown>

Implementation of

CryptoError

Defined in: packages/core/src/identity/identity/ecdsa.ts:13

Extends

Error

Constructors

Constructor

new CryptoError(message): CryptoError

Defined in: packages/core/src/identity/identity/ecdsa.ts:14

Parameters

message

string

Returns

CryptoError

Overrides

Error.constructor

Properties

cause?

optional cause?: unknown

Defined in: node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.error.d.ts:26

Inherited from

Error.cause

message

readonly message: string

Defined in: packages/core/src/identity/identity/ecdsa.ts:14

Inherited from

Error.message

name

name: string

Defined in: node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es5.d.ts:1076

Inherited from

Error.name

stack?

optional stack?: string

Defined in: node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es5.d.ts:1078

Inherited from

Error.stack

stackTraceLimit

static stackTraceLimit: number

Defined in: node_modules/.pnpm/@types+node@25.5.0/node_modules/@types/node/globals.d.ts:67

The Error.stackTraceLimit property specifies the number of stack frames collected by a stack trace (whether generated by new Error().stack or Error.captureStackTrace(obj)).

The default value is 10 but may be set to any valid JavaScript number. Changes will affect any stack trace captured after the value has been changed.

If set to a non-number value, or set to a negative number, stack traces will not capture any frames.

Inherited from

Error.stackTraceLimit

Methods

captureStackTrace()

static captureStackTrace(targetObject, constructorOpt?): void

Defined in: node_modules/.pnpm/@types+node@25.5.0/node_modules/@types/node/globals.d.ts:51

Creates a .stack property on targetObject, which when accessed returns a string representing the location in the code at which Error.captureStackTrace() was called.

const myObject = {};
Error.captureStackTrace(myObject);
myObject.stack;  // Similar to `new Error().stack`

The first line of the trace will be prefixed with ${myObject.name}: ${myObject.message}.

The optional constructorOpt argument accepts a function. If given, all frames above constructorOpt, including constructorOpt, will be omitted from the generated stack trace.

The constructorOpt argument is useful for hiding implementation details of error generation from the user. For instance:

function a() {
  b();
}

function b() {
  c();
}

function c() {
  // Create an error without stack trace to avoid calculating the stack trace twice.
  const { stackTraceLimit } = Error;
  Error.stackTraceLimit = 0;
  const error = new Error();
  Error.stackTraceLimit = stackTraceLimit;

  // Capture the stack trace above function b
  Error.captureStackTrace(error, b); // Neither function c, nor b is included in the stack trace
  throw error;
}

a();

Parameters

targetObject

object

constructorOpt?

Function

Returns

void

Inherited from

Error.captureStackTrace

prepareStackTrace()

static prepareStackTrace(err, stackTraces): any

Defined in: node_modules/.pnpm/@types+node@25.5.0/node_modules/@types/node/globals.d.ts:55

Parameters

err

Error

stackTraces

CallSite[]

Returns

any

See

https://v8.dev/docs/stack-trace-api#customizing-stack-traces

Inherited from

Error.prepareStackTrace

Delegation

Defined in: packages/core/src/identity/identity/delegation.ts:42

A single delegation object that is signed by a private key. This is constructed by DelegationChain.create().

DelegationChain

Implements

ToCborValue

Constructors

Constructor

new Delegation(pubkey, expiration, targets?): Delegation

Defined in: packages/core/src/identity/identity/delegation.ts:43

Parameters

pubkey

Uint8Array

expiration

bigint

targets?

Principal[]

Returns

Delegation

Properties

expiration

readonly expiration: bigint

Defined in: packages/core/src/identity/identity/delegation.ts:45

pubkey

readonly pubkey: Uint8Array

Defined in: packages/core/src/identity/identity/delegation.ts:44

targets?

readonly optional targets?: Principal[]

Defined in: packages/core/src/identity/identity/delegation.ts:46

Methods

toCborValue()

toCborValue(): object

Defined in: packages/core/src/identity/identity/delegation.ts:49

Returns a value that can be encoded with CBOR. Typically called in the replacer function of the encode function.

Returns

object

expiration

expiration: bigint

pubkey

pubkey: Uint8Array<ArrayBufferLike>

targets?

optional targets?: Principal[]

Implementation of

ToCborValue.toCborValue

toJSON()

toJSON(): JsonnableDelegation

Defined in: packages/core/src/identity/identity/delegation.ts:59

Returns

JsonnableDelegation

DelegationChain

Defined in: packages/core/src/identity/identity/delegation.ts:149

A chain of delegations. This is JSON Serializable. This is the object to serialize and pass to a DelegationIdentity. It does not keep any private keys.

Constructors

Constructor

protected new DelegationChain(delegations, publicKey): DelegationChain

Defined in: packages/core/src/identity/identity/delegation.ts:243

Parameters

Properties

delegations

readonly delegations: SignedDelegation[]

Defined in: packages/core/src/identity/identity/delegation.ts:244

publicKey

readonly publicKey: DerEncodedPublicKey

Defined in: packages/core/src/identity/identity/delegation.ts:245

Methods

toJSON()

toJSON(): JsonnableDelegationChain

Defined in: packages/core/src/identity/identity/delegation.ts:248

Returns

JsonnableDelegationChain

create()

static create(from, to, expiration?, options?): Promise<DelegationChain>

Defined in: packages/core/src/identity/identity/delegation.ts:179

Create a delegation chain between two (or more) keys. By default, the expiration time will be very short (15 minutes).

To build a chain of more than 2 identities, this function needs to be called multiple times, passing the previous delegation chain into the options argument. For example:

Parameters

from

SignIdentity

The identity that will delegate.

to

The identity that gets delegated. It can now sign messages as if it was the identity above.

expiration?

Date = ...

The length the delegation is valid. By default, 15 minutes from calling this function.

options?

A set of options for this delegation. expiration and previous

previous?

Another DelegationChain that this chain should start with.

targets?

Principal[]

targets that scope the delegation (e.g. Canister Principals)

Returns

Promise<DelegationChain>

Example

const rootKey = createKey();
const middleKey = createKey();
const bottomeKey = createKey();

const rootToMiddle = await DelegationChain.create(
  root, middle.getPublicKey(), Date.parse('2100-01-01'),
);
const middleToBottom = await DelegationChain.create(
  middle, bottom.getPublicKey(), Date.parse('2100-01-01'), { previous: rootToMiddle },
);

// We can now use a delegation identity that uses the delegation above:
const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);

fromDelegations()

static fromDelegations(delegations, publicKey): DelegationChain

Defined in: packages/core/src/identity/identity/delegation.ts:236

Creates a DelegationChain object from a list of delegations and a DER-encoded public key.

Parameters

delegations

SignedDelegation[]

The list of delegations.

publicKey

The DER-encoded public key of the key-pair signing the first delegation.

Returns

fromJSON()

static fromJSON(json): DelegationChain

Defined in: packages/core/src/identity/identity/delegation.ts:199

Creates a DelegationChain object from a JSON string.

Parameters

json

string | JsonnableDelegationChain

The JSON string to parse.

Returns

DelegationIdentity

Defined in: packages/core/src/identity/identity/delegation.ts:275

An Identity that adds delegation to a request. Everywhere in this class, the name innerKey refers to the SignIdentity that is being used to sign the requests, while originalKey is the identity that is being borrowed. More identities can be used in the middle to delegate.

Extends

SignIdentity

Constructors

Constructor

protected new DelegationIdentity(_inner, _delegation): DelegationIdentity

Defined in: packages/core/src/identity/identity/delegation.ts:288

Parameters

_inner

Pick<SignIdentity, "sign">

_delegation

Returns

DelegationIdentity

Overrides

Properties

_principal

protected _principal: Principal | undefined

Inherited from

Methods

getDelegation()

getDelegation(): DelegationChain

Defined in: packages/core/src/identity/identity/delegation.ts:295

Returns

getPrincipal()

getPrincipal(): Principal

Get the principal represented by this identity. Normally should be a Principal.selfAuthenticating().

Returns

Inherited from

getPublicKey()

getPublicKey(): PublicKey

Defined in: packages/core/src/identity/identity/delegation.ts:299

Returns the public key that would match this identity’s signature.

Returns

Overrides

sign()

sign(blob): Promise<Signature>

Defined in: packages/core/src/identity/identity/delegation.ts:305

Signs a blob of data, with this identity’s private key.

Parameters

blob

Uint8Array

Returns

Promise<Signature>

Overrides

transformRequest()

transformRequest(request): Promise<unknown>

Defined in: packages/core/src/identity/identity/delegation.ts:309

Transform a request into a signed version of the request. This is done last after the transforms on the body of a request. The returned object can be anything, but must be serializable to CBOR.

Parameters

request

internet computer request to transform

Returns

Promise<unknown>

Overrides

fromDelegation()

static fromDelegation(key, delegation): DelegationIdentity

Defined in: packages/core/src/identity/identity/delegation.ts:281

Create a delegation without having access to delegateKey.

Parameters

key

Pick<SignIdentity, "sign">

The key used to sign the requests.

delegation

A delegation object created using createDelegation.

Returns

DelegationIdentity

ECDSAKeyIdentity

Defined in: packages/core/src/identity/identity/ecdsa.ts:47

An identity interface that wraps an ECDSA keypair using the P-256 named curve. Supports DER-encoding and decoding for agent calls

Extends

SignIdentity

Constructors

Constructor

protected new ECDSAKeyIdentity(keyPair, derKey, subtleCrypto): ECDSAKeyIdentity

Defined in: packages/core/src/identity/identity/ecdsa.ts:103

Parameters

keyPair

CryptoKeyPair

derKey

subtleCrypto

SubtleCrypto

Returns

ECDSAKeyIdentity

Overrides

Properties

_derKey

protected _derKey: DerEncodedPublicKey

Defined in: packages/core/src/identity/identity/ecdsa.ts:98

_keyPair

protected _keyPair: CryptoKeyPair

Defined in: packages/core/src/identity/identity/ecdsa.ts:99

_principal

protected _principal: Principal | undefined

Inherited from

_subtleCrypto

protected _subtleCrypto: SubtleCrypto

Defined in: packages/core/src/identity/identity/ecdsa.ts:100

Methods

getKeyPair()

getKeyPair(): CryptoKeyPair

Defined in: packages/core/src/identity/identity/ecdsa.ts:118

Return the internally-used key pair.

Returns

CryptoKeyPair

a CryptoKeyPair

getPrincipal()

getPrincipal(): Principal

Get the principal represented by this identity. Normally should be a Principal.selfAuthenticating().

Returns

Inherited from

getPublicKey()

getPublicKey(): PublicKey & DerCryptoKey

Defined in: packages/core/src/identity/identity/ecdsa.ts:126

Return the public key.

Returns

PublicKey & DerCryptoKey

an & DerCryptoKey

Overrides

sign()

sign(challenge): Promise<Signature>

Defined in: packages/core/src/identity/identity/ecdsa.ts:141

Signs a blob of data, with this identity’s private key.

Parameters

challenge

Uint8Array

challenge to sign with this identity’s secretKey, producing a signature

Returns

Promise<Signature>

signature

Overrides

transformRequest()

transformRequest(request): Promise<unknown>

Defined in: packages/core/src/agent/auth.ts:87

Transform a request into a signed version of the request. This is done last after the transforms on the body of a request. The returned object can be anything, but must be serializable to CBOR.

Parameters

request

internet computer request to transform

Returns

Promise<unknown>

Inherited from

fromKeyPair()

static fromKeyPair(keyPair, subtleCrypto?): Promise<ECDSAKeyIdentity>

Defined in: packages/core/src/identity/identity/ecdsa.ts:84

generates an identity from a public and private key. Please ensure that you are generating these keys securely and protect the user’s private key

Parameters

keyPair

CryptoKeyPair | { privateKey: CryptoKey; publicKey: CryptoKey; }

a CryptoKeyPair

subtleCrypto?

SubtleCrypto

a SubtleCrypto interface in case one is not available globally

Returns

Promise<ECDSAKeyIdentity>

an ECDSAKeyIdentity

generate()

static generate(options?): Promise<ECDSAKeyIdentity>

Defined in: packages/core/src/identity/identity/ecdsa.ts:56

Generates a randomly generated identity for use in calls to the Internet Computer.

Parameters

options?

CryptoKeyOptions

optional settings

Returns

Promise<ECDSAKeyIdentity>

a ECDSAKeyIdentity

Ed25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:115

Ed25519KeyIdentity is an implementation of SignIdentity that uses Ed25519 keys. This class is used to sign and verify messages for an agent.

Extends

SignIdentity

Constructors

Constructor

protected new Ed25519KeyIdentity(publicKey, privateKey): Ed25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:175

Parameters

publicKey

privateKey

Uint8Array

Returns

Overrides

Properties

_principal

protected _principal: Principal | undefined

Inherited from

Methods

getKeyPair()

getKeyPair(): KeyPair

Defined in: packages/core/src/identity/identity/ed25519.ts:191

Return a copy of the key pair.

Returns

KeyPair

getPrincipal()

getPrincipal(): Principal

Get the principal represented by this identity. Normally should be a Principal.selfAuthenticating().

Returns

Inherited from

getPublicKey()

getPublicKey(): Required<PublicKey>

Defined in: packages/core/src/identity/identity/ed25519.ts:201

Return the public key.

Returns

Required<PublicKey>

Overrides

sign()

sign(challenge): Promise<Signature>

Defined in: packages/core/src/identity/identity/ed25519.ts:209

Signs a blob of data, with this identity’s private key.

Parameters

challenge

Uint8Array

challenge to sign with this identity’s secretKey, producing a signature

Returns

Promise<Signature>

Overrides

JsonnableEd25519KeyIdentity

toJSON()

toJSON(): JsonnableEd25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:184

Serialize this key to JSON.

Returns

transformRequest()

transformRequest(request): Promise<unknown>

Defined in: packages/core/src/agent/auth.ts:87

Transform a request into a signed version of the request. This is done last after the transforms on the body of a request. The returned object can be anything, but must be serializable to CBOR.

Parameters

request

internet computer request to transform

Returns

Promise<unknown>

Inherited from

fromJSON()

static fromJSON(json): Ed25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:151

Parameters

json

string

Returns

fromKeyPair()

static fromKeyPair(publicKey, privateKey): Ed25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:162

Parameters

publicKey

Uint8Array

privateKey

Uint8Array

Returns

JsonnableEd25519KeyIdentity

fromParsedJson()

static fromParsedJson(obj): Ed25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:143

Parameters

obj

Returns

fromSecretKey()

static fromSecretKey(secretKey): Ed25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:166

Parameters

secretKey

Uint8Array

Returns

generate()

static generate(seed?): Ed25519KeyIdentity

Defined in: packages/core/src/identity/identity/ed25519.ts:121

Generate a new Ed25519KeyIdentity.

Parameters

seed?

Uint8Array<ArrayBufferLike>

a 32-byte seed for the private key. If not provided, a random seed will be generated.

Returns

Ed25519KeyIdentity

verify()

static verify(sig, msg, pk): boolean

Defined in: packages/core/src/identity/identity/ed25519.ts:229

Verify

Parameters

sig

string | ArrayBuffer | Uint8Array<ArrayBufferLike>

signature to verify

msg

string | ArrayBuffer | Uint8Array<ArrayBufferLike>

message to verify

pk

string | ArrayBuffer | Uint8Array<ArrayBufferLike>

public key

Returns

boolean

true if the signature is valid, false otherwise

Ed25519PublicKey

Defined in: packages/core/src/identity/identity/ed25519.ts:21

A Public Key implementation.

Implements

PublicKey

Accessors

derKey

Get Signature

get derKey(): DerEncodedPublicKey

Defined in: packages/core/src/identity/identity/ed25519.ts:90

Returns

Implementation of

PublicKey.derKey

rawKey

Get Signature

get rawKey(): Uint8Array

Defined in: packages/core/src/identity/identity/ed25519.ts:84

Returns

Uint8Array

Implementation of

PublicKey.rawKey

Methods

toDer()

toDer(): DerEncodedPublicKey

Defined in: packages/core/src/identity/identity/ed25519.ts:103

Returns

Implementation of

PublicKey.toDer

toRaw()

toRaw(): Uint8Array

Defined in: packages/core/src/identity/identity/ed25519.ts:107

Returns

Uint8Array

Implementation of

PublicKey.toRaw

from()

static from(maybeKey): Ed25519PublicKey

Defined in: packages/core/src/identity/identity/ed25519.ts:27

Construct Ed25519PublicKey from an existing PublicKey

Parameters

maybeKey

unknown

existing PublicKey, ArrayBuffer, DerEncodedPublicKey, or hex string

Returns

Ed25519PublicKey

Instance of Ed25519PublicKey

fromDer()

static fromDer(derKey): Ed25519PublicKey

Defined in: packages/core/src/identity/identity/ed25519.ts:61

Parameters

derKey

Returns

Ed25519PublicKey

fromRaw()

static fromRaw(rawKey): Ed25519PublicKey

Defined in: packages/core/src/identity/identity/ed25519.ts:57

Parameters

rawKey

Uint8Array

Returns

Ed25519PublicKey

PartialDelegationIdentity

Defined in: packages/core/src/identity/identity/delegation.ts:329

A partial delegated identity, representing a delegation chain and the public key that it targets

Extends

PartialIdentity

Accessors

delegation

Get Signature

get delegation(): DelegationChain

Defined in: packages/core/src/identity/identity/delegation.ts:335

The Delegation Chain of this identity.

Returns

PartialIdentity.derKey

derKey

Get Signature

get derKey(): Uint8Array<ArrayBufferLike> | undefined

Defined in: packages/core/src/identity/identity/partial.ts:20

The DER-encoded public key of this identity.

Returns

Uint8Array<ArrayBufferLike> | undefined

Inherited from

rawKey

Get Signature

get rawKey(): Uint8Array<ArrayBufferLike> | undefined

Defined in: packages/core/src/identity/identity/partial.ts:13

The raw public key of this identity.

Returns

Uint8Array<ArrayBufferLike> | undefined

Inherited from

PartialIdentity.rawKey

Methods

getPrincipal()

getPrincipal(): Principal

Defined in: packages/core/src/identity/identity/partial.ts:41

The Principal of this identity.

Returns

PartialIdentity.getPrincipal

Inherited from

getPublicKey()

getPublicKey(): PublicKey

Defined in: packages/core/src/identity/identity/partial.ts:34

The inner PublicKey used by this identity.

Returns

PartialIdentity.getPublicKey

Inherited from

toDer()

toDer(): Uint8Array

Defined in: packages/core/src/identity/identity/partial.ts:27

The DER-encoded public key of this identity.

Returns

Uint8Array

Inherited from

PartialIdentity.toDer

transformRequest()

transformRequest(): Promise<never>

Defined in: packages/core/src/identity/identity/partial.ts:51

Required for the Identity interface, but cannot implemented for just a public key.

Returns

Promise<never>

Inherited from

PartialIdentity.transformRequest

fromDelegation()

static fromDelegation(key, delegation): PartialDelegationIdentity

Defined in: packages/core/src/identity/identity/delegation.ts:349

Create a PartialDelegationIdentity from a PublicKey and a DelegationChain.

Parameters

key

The PublicKey to delegate to.

delegation

PartialDelegationIdentity

a DelegationChain targeting the inner key.

Returns

PartialIdentity

Defined in: packages/core/src/identity/identity/partial.ts:7

A partial delegated identity, representing a delegation chain and the public key that it targets

Extended by

PartialDelegationIdentity

Implements

Identity

Constructors

Constructor

new PartialIdentity(inner): PartialIdentity

Defined in: packages/core/src/identity/identity/partial.ts:57

Parameters

inner

Returns

PartialIdentity

Accessors

derKey

Get Signature

get derKey(): Uint8Array<ArrayBufferLike> | undefined

Defined in: packages/core/src/identity/identity/partial.ts:20

The DER-encoded public key of this identity.

Returns

Uint8Array<ArrayBufferLike> | undefined

rawKey

Get Signature

get rawKey(): Uint8Array<ArrayBufferLike> | undefined

Defined in: packages/core/src/identity/identity/partial.ts:13

The raw public key of this identity.

Returns

Uint8Array<ArrayBufferLike> | undefined

Methods

getPrincipal()

getPrincipal(): Principal

Defined in: packages/core/src/identity/identity/partial.ts:41

The Principal of this identity.

Returns

Identity.getPrincipal

Implementation of

getPublicKey()

getPublicKey(): PublicKey

Defined in: packages/core/src/identity/identity/partial.ts:34

The inner PublicKey used by this identity.

Returns

Identity.transformRequest

toDer()

toDer(): Uint8Array

Defined in: packages/core/src/identity/identity/partial.ts:27

The DER-encoded public key of this identity.

Returns

Uint8Array

transformRequest()

transformRequest(): Promise<never>

Defined in: packages/core/src/identity/identity/partial.ts:51

Required for the Identity interface, but cannot implemented for just a public key.

Returns

Promise<never>

Implementation of

WebAuthnIdentity

Defined in: packages/core/src/identity/identity/webauthn.ts:137

A SignIdentity that uses navigator.credentials. See https://webauthn.guide/ for more information about WebAuthentication.

Extends

SignIdentity

Constructors

Constructor

new WebAuthnIdentity(rawId, cose, authenticatorAttachment): WebAuthnIdentity

Defined in: packages/core/src/identity/identity/webauthn.ts:184

Parameters

rawId

Uint8Array

cose

Uint8Array

authenticatorAttachment

AuthenticatorAttachment | undefined

Returns

WebAuthnIdentity

Overrides

Properties

_principal

protected _principal: Principal | undefined

Inherited from

_publicKey

protected _publicKey: CosePublicKey

Defined in: packages/core/src/identity/identity/webauthn.ts:182

authenticatorAttachment

protected authenticatorAttachment: AuthenticatorAttachment | undefined

Defined in: packages/core/src/identity/identity/webauthn.ts:187

rawId

readonly rawId: Uint8Array

Defined in: packages/core/src/identity/identity/webauthn.ts:185

Methods

getAuthenticatorAttachment()

getAuthenticatorAttachment(): AuthenticatorAttachment | undefined

Defined in: packages/core/src/identity/identity/webauthn.ts:205

WebAuthn level 3 spec introduces a new attribute on successful WebAuthn interactions, see https://w3c.github.io/webauthn/#dom-publickeycredential-authenticatorattachment. This attribute is already implemented for Chrome, Safari and Edge.

Given the attribute is only available after a successful interaction, the information is provided opportunistically and might also be undefined.

Returns

AuthenticatorAttachment | undefined

getPrincipal()

getPrincipal(): Principal

Get the principal represented by this identity. Normally should be a Principal.selfAuthenticating().

Returns

Inherited from

getPublicKey()

getPublicKey(): PublicKey

Defined in: packages/core/src/identity/identity/webauthn.ts:193

Returns the public key that would match this identity’s signature.

Returns

Overrides

sign()

sign(blob): Promise<Signature>

Defined in: packages/core/src/identity/identity/webauthn.ts:209

Signs a blob of data, with this identity’s private key.

Parameters

blob

Uint8Array

Returns

Promise<Signature>

Overrides

toJSON()

toJSON(): JsonnableWebAuthnIdentity

Defined in: packages/core/src/identity/identity/webauthn.ts:249

Allow for JSON serialization of all information needed to reuse this identity.

Returns

JsonnableWebAuthnIdentity

transformRequest()

transformRequest(request): Promise<unknown>

Defined in: packages/core/src/agent/auth.ts:87

Transform a request into a signed version of the request. This is done last after the transforms on the body of a request. The returned object can be anything, but must be serializable to CBOR.

Parameters

request

internet computer request to transform

Returns

Promise<unknown>

Inherited from